Error in Federated Experience Manager (FXM) - No 'Access-Control-Allow-Origin' header is present on the requested resource

  • Description

    Under the circumstances listed below, the AJAX requests of the FXM Beacon script fail. The following error can be found in the browser console:

    XMLHttpRequest cannot load http://your.domain.com/sitecore/api/ssc/Beacon... 
    No 'Access-Control-Allow-Origin' header is present on the requested resource.
    Origin 'http://your.domain.com' is therefore not allowed access.

    The issue can be caused by the following reasons:

  • The following function is called from the custom code at the time when the ServicesWebApiInitializer processor of the initialize pipeline has not been executed yet:

    GlobalConfiguration.Configure(WebApiConfig.Register);

    This can be, for example, in the Application_Start() method of the Global.asax file, or in a custom initialize pipeline processor placed before the ServicesWebApiInitializer processor. Also, it can be a third-party library that allows subscription to the application initialization. For example, the WebActivatorEx library allows specification of an initialization method using the PreApplicationStartMethod attribute.

    • Find the place in your code or in the third-party component that calls the GlobalConfiguration.Configure() method.
    • Insert the following code before this place, then compile and deploy the changes to your website:
      GlobalConfiguration.Configuration.EnableCors();
  • A redirection is configured in IIS or in the web.config file (for example, using the URL Rewrite IIS module). When the AJAX Beacon request is redirected, it loses the CORS headers, which causes the issue.

  • Configure the redirection rules to not redirect the requests to the /sitecore/api/ssc/Beacon/Service path.

Applies to:

CMS 8.0 Initial Release+

June 30, 2017
June 30, 2017

Reference number:

166271

Keywords: 

  • Federated Experience Manager